In light of recent ICE/DHS shenanigans in the US

  • hit_the_rails@reddthat.com
    10·
    9 hours ago

    I have a phone running GrapheneOS. What would happen if I gave them my duress PIN at the US border when compelled to do so? If entered, the duress PIN will immediately wipe the phone.

    • answersplease77@lemmy.world
      7·
      8 hours ago

      In a fair judicial system, they will protect you if you have nothing to be guilty of. Also on the other hand, if they have a judicial warrent for your phone, then it’ll be a crime to not produce it, or destroy it.

      In a country with a lawless system, and this is a real story btw that happened to my friend: The ones with deleted whatsapp conversation or “lost phones” recived 10+ years extra while his peers who committed the same exact crime in the same group but opened their phones recieved 2 years. I myself have read the prosecution case papers where the judge added the crime of them deleting whatsapp conversations, and formatting or destroying phones.

    • xye@lemm.eeEnglish
      4·
      8 hours ago

      If you’re not a citizen my absolutely uneducated answer would be: if you were suspected of having done anything like that you would be detained for tampering with evidence - because they would now detain you for tampering with evidence. I would have said this wouldn’t have been a huge issue before, they wouldn’t have anything to hold you on after that, but that is certainly not true now.

  • vga@sopuli.xyz
    101·
    12 hours ago

    I’m not encrypting my stuff because of people who can legally punch me in the face if I don’t comply. I’m encrypting them against some dude who steals my backpack when I’m commuting.

    I’m not saying that all authorities are great but if your biggest risk is your local authorities, you need to change something in your life. Possibly your place of residency.

  • FauxLiving@lemmy.world
    342·
    1 day ago

    Most people lock their phones with biometrics which can be legally compelled from you.

    If you use a password you can refuse to provide it.

    If you’re living in a world where the police are willing to literally drug and torture you then your digital security requirements are beyond the scope of what you can get from social media and you should assume that everything you do is publicly known.

    • bob_lemon@feddit.org
      9·
      23 hours ago

      Both iPhone and Android have ways to disable biometrics until the next unlock via password/code.

      Iirc, on iPhone, it was pushing the power button 5 (or 7?) times. On Android, long press the power button and select “lock”.

      • Geodad@lemm.eeEnglish
        4·
        20 hours ago

        I configured my Graphene OS to require both fingerprint and passcode to unlock. I also have a “duress passcode” that I can input to wipe the device.

        • daytonah@lemmy.mlEnglish
          1·
          15 hours ago

          Is it possible to setup this way;:

          1. One password gets into your first profile that is protected with a
          2. Duress passcode
          3. 2nd password/just fingerprint gets you into a 2nd profile, that is, everything you don’t care about…

          I haven’t tried graphene but thinking about it now…

      • alkbch@lemmy.mlEnglish
        1·
        21 hours ago

        Press the power button and one of the volume buttons for 3 seconds.

    • techclothes@lemmy.world
      2·
      20 hours ago

      I use biometrics for apps and such, but not my phone. Having worked apple support, the number of people who only used their fingerprint and their phone was restarted for whatever reason leading them to have to know their password, which they forgot… is numerous.

  • umbrella@lemmy.ml
    17·
    1 day ago

    so… dummy phone? even before that, don’t they have access to your cloud stuff?

    • bobbyfiend@lemmy.mlOP
      17·
      1 day ago

      They have access to it if they threaten/indimidate/blackmail you into giving them access. Dummy phones are a real thing; saw a post today on masto by a company… person (?) who said they keep a stash of clean burner phones for when employees travel through US borders. These are all reasonable, and maybe even CalyxOS’s decoy partition (does it still have that?). The larger problem is that few people will use these things, not even bringing a clean phone. And once they start threatening your family and your long-term safety and freedom, it’s highly likely you’ll give them access, if they know there is any access to be had. Which they increasingly do, because universal surveillance blah blah.

      • umbrella@lemmy.ml
        41·
        17 hours ago

        i meant more with nsa type surveillance, they pretty much have a little leg on every us corporation. it seems they really want to start utilizing that data more against its own populace now.

        also they have cyberweapons that can exploit their way inside most common phones anyway.

        • theneverfox@pawb.socialEnglish
          5·
          21 hours ago

          The NSA doesn’t generally give access to agencies on the ground like that - at most they flag individuals in the interdepartmental system, they don’t hand over what they have easily

          But, if you have physical access to a device, there’s always a way in. Border control or a police department can buy tools to do it or hire contractors

          • umbrella@lemmy.ml
            1·
            17 hours ago

            yes, i was referring to them. im pretty sure the cellular network exploits still exist, and still available commercially. they don’t even need to physically have your phone. and modems are locked down tight on phones too, arent they?

            • theneverfox@pawb.socialEnglish
              2·
              16 hours ago

              Rather than locked down, they’re basically a black box - I think they have their own firmware and hook into the OS and hardware in weird ways (part of the reason why Linux phones are so difficult to make work)

              If the NSA wants to ping your phone location or even turn on the microphone, they can, supposedly even when the phone is “off”. If they want to side channel load in a rootkit, they probably can

              But NSA surveillance comes in two main flavors - broad and focused. If they think you’re a terrorist or of strategic interest, there’s a lot they can do… But that means actual humans are interested in you, personally.

              But for everyone else, they’re not going to sift through ten million phone storages - that’s way too much data to be useful, and they already have long collected way more than they could make use of. The broad stuff is about flagging people - the most effective is to look at networks of people. If you have connections to a terrorist, you’re a potential part of the network, and so you’ll be flagged as more interesting. I’ve heard rumors that certain keywords might be flagged on calls too, who knows. Too many flags and they might devote some man hours to looking into you personally

              But generally, they’re very protective of their tech. They don’t use the good stuff widely, because it’s not useful, and it increases the chance for discovery and countermeasures. My understanding is they won’t share their surveillance systems either - they might put notes or flags on shared LEO systems or tip someone off, but they really, really, like to play it close to the vest. Even with other 3 letter agencies

              So yes, this possibility exists - especially with llms to help filter through this information ocean - but there’s no shot they’re sharing capabilities with border control agents

              • umbrella@lemmy.ml
                1·
                15 hours ago

                i know the nsa has that capability but aren’t stingrays still a thing? those are sold to and operated by leo, which is scarier and more relevant for the average joe imo. think situations like patrols, protests, ice raids and stuff.

                • theneverfox@pawb.socialEnglish
                  1·
                  13 hours ago

                  I mean, yes and no. They just capture device info for a location, which can often be tied back to a person, but they just grab the info the phone sends to the tower. These days with Bluetooth and Wi-Fi you can even do something similar with just your phone

                  I don’t love that it exists for obvious reasons, but it’s a far cry from looking through your phone

                  I mean, the cell providers already sell your location info to anyone (including LEO, which is unconstitutional without a warrant as far as I’m concerned), as can Google, apple, and all sorts of apps - so this is a niche thing

                  FWIW, you can defeat that pretty simply… Just leave your phone behind and/or in a faraday pouch. No signal, no signature, no location data (from your phone at least). It won’t necessarily stop the NSA, but it’ll protect you in a protest where your just another face in the crowd

      • IHave69XiBucks@lemmygrad.ml
        5·
        1 day ago

        Not sure about CalyxOS but Graphene os has users so you could just switch to a different user and show them that and they probably wouldnt know to look for other users. Or you can disable apps, and then enable them again later. Disabling saves all data but hides the app and archives it. So it would only show up in the full app list in the settings not anywhere else. Not sure how thorough their checks are tho.

        Personally tho if i was gonna go through a US border and was worried about my devices being checked id just back it all up to an encrypted external ssd, stick it in my checked bag, and wipe my devices. Then restore them once ur through.